On 9 Apr 2002 at 9:55, Matthew Carpenter wrote:

> We JUST put this sucker in, and I am interested in what types of
> monitoring logs it offers. Can I access them aside from the console? Or is
> it very similar to router maintenance? TIA

Get yourself a syslog server set up, it's almost impossible to do anything easily with the console. If you're using Windows for admin then get Kiwi Syslog, it's great. Once you've got the logs you'll need something to parse them, and that's when it becomes interesting. I've tried all sorts of reporting and never really found one I've liked, nearest was WebTrends Firewall Suite.

You'll need to play around with the syslog options to get the data you need though - you can log everything from critical events (shutdown of PIX) all the way to "debug" level (e.g. URLs being accessed, names of files transferred over FTP), but on a busy network the full logging can take up a lot of space. Set the level you need on the PIX itself to reduce traffic, but also look at setting options on the syslog server to filter specific messages (e.g. I have Kiwi logging all denied connections to a second log file so I can parse that instead of the full one when looking for simple intrusion attempts and port scans).

You can also use SNMP to get other monitoring information - I use MRTG on my PIX515 to get the number of concurrent connections and the incoming and outgoing bandwidth usage to watch for potential bottlenecks.

The PIX itself has some data that I don't think you get any other way except via the console - for instance you can use "show conn" to output the current list of active connections through the PIX. I might be tempted to build a quick little VB app to allow me to get this data whenever I need at the click of a button by passing the console commands instead of me typing them, and produce reports just for quick snapshots, unless someone out there knows of an easier way to get at this.

Dan

---
D.C. Crichton              email: [EMAIL PROTECTED]
Senior Systems Analyst     tel: +44 (0)121 706 6000
Computer Manuals Ltd.      fax: +44 (0)121 606 0477
Computer book info on the web: http://computer-manuals.co.uk/
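
The denied-connection filtering described in the reply above, as an added example that is not part of the original message: it picks deny events out of PIX syslog lines and reports sources that were denied on several distinct destination ports, the simple port-scan signal mentioned. The message layouts for 106023 and 106001, the ACL name `acl_out`, the sample lines and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed PIX message layouts for two deny events (106023: ACL deny,
# 106001: inbound TCP denied); adjust the patterns to your PIX version.
DENY_PATTERNS = [
    re.compile(r"%PIX-\d-106023: Deny (?P<proto>\w+) src \S+?:(?P<src>[\d.]+)/\d+ "
               r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
    re.compile(r"%PIX-\d-106001: Inbound (?P<proto>TCP) connection denied from "
               r"(?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<dport>\d+)"),
]

def parse_denied(line):
    """Return (src, dst, proto, dport) for a denied connection, else None."""
    for pat in DENY_PATTERNS:
        m = pat.search(line)
        if m:
            return m["src"], m["dst"], m["proto"].lower(), int(m["dport"])
    return None

def find_scanners(lines, min_ports=4):
    """Map each source to the (dst, port) pairs it was denied on, keeping
    only sources denied on at least min_ports distinct targets."""
    seen = defaultdict(set)
    for line in lines:
        hit = parse_denied(line)
        if hit:
            src, dst, _proto, dport = hit
            seen[src].add((dst, dport))
    return {s: sorted(t) for s, t in seen.items() if len(t) >= min_ports}

# Constructed sample log: documentation address ranges, hypothetical ACL name.
T = "Apr 09 10:01:05 pix515 "
SAMPLE = [T + s for s in (
    '%PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/80 '
    '(198.51.100.7/80) to inside:192.168.1.20/1045 (203.0.113.2/1045)',
    '%PIX-4-106023: Deny tcp src outside:198.51.100.99/4001 dst inside:203.0.113.10/21 by access-group "acl_out"',
    '%PIX-4-106023: Deny tcp src outside:198.51.100.99/4002 dst inside:203.0.113.10/22 by access-group "acl_out"',
    '%PIX-4-106023: Deny tcp src outside:198.51.100.99/4003 dst inside:203.0.113.10/23 by access-group "acl_out"',
    '%PIX-4-106023: Deny tcp src outside:198.51.100.99/4004 dst inside:203.0.113.10/25 by access-group "acl_out"',
    '%PIX-2-106001: Inbound TCP connection denied from 198.51.100.99/4005 to 203.0.113.10/80 flags SYN on interface outside',
    '%PIX-4-106023: Deny udp src outside:198.51.100.5/1030 dst inside:203.0.113.10/137 by access-group "acl_out"',
    '%PIX-4-106023: Deny udp src outside:198.51.100.5/1030 dst inside:203.0.113.10/137 by access-group "acl_out"',
)]

if __name__ == "__main__":
    for src, targets in find_scanners(SAMPLE).items():
        print(f"{src}: denied on {len(targets)} distinct targets -> {targets}")
```

A source that repeats the same denied port, like the UDP/137 lines in the sample, is not reported; only the spread across ports counts.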
